cross realm authentication



Hello,

Sometimes, when I first try to telnet to a different realm,
I get strange errors. The next attempt works fine.

For instance, at one stage (I haven't been able to reproduce this for
a while now), I used to get messages that looked like:

telnet -lbmay lyell.csse.monash.edu.au
Encryption is verbose
Trying 130.194.64.41...
Connected to lyell.csse.monash.edu.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``bam@CHOCBIT.ORG.AU'' ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
Permission denied [sorry not sure of the exact wording]
Debian GNU/%s 2.2 %h

*** Connection not encrypted! Communication may be eavesdropped. ***
User not authenticated. Using plaintext username and password
Password: 

Which was weird (it definitely said "Kerberos V5 accepts you as..."), but
then the next attempt would work.

Just recently, I noticed something similar:

telnet -lroot share
Encryption is verbose
Trying 130.194.64.253...
Connected to share.csse.monash.edu.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
Kerberos V5: mk_req failed (Cannot contact any KDC for requested realm)
[ Trying KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``bam/admin@CHOCBIT.ORG.AU'' ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
Debian GNU/%s 2.2 %h

The next attempt worked fine. (Actually, I wonder if there
is still any need for non-mutual authentication? Is this
a security risk?)

On another window, at the same time, to the localhost (but one
in the remote realm as far as the ticket is concerned):

[506] [lyell:bmay] ~ >telnet -lroot lyell                            
Encryption is verbose
Trying 130.194.64.41...
Connected to lyell.csse.monash.edu.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
Kerberos V5: mk_req failed (Invalid message type)
[ Trying KERBEROS5 ... ]
^]clKerberos V5: mk_req failed (Cannot contact any KDC for requested realm)

telnet> ose
?Invalid command
telnet> Connection closed.
[507] [lyell:bmay] ~ >
[507] [lyell:bmay] ~ >telnet -lroot lyell
Encryption is verbose
Trying 130.194.64.41...
Connected to lyell.csse.monash.edu.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
Kerberos V5: mk_req failed (Cannot contact any KDC for requested realm)
[ Trying KERBEROS5 ... ]
Kerberos V5: mk_req failed (Cannot contact any KDC for requested realm)
Debian GNU/%s 2.2 %h
User not authenticated. Using plaintext username and password
]
telnet> close
Connection closed.
[507] [lyell:bmay] ~ >ping share
PING share.csse.monash.edu.au (130.194.64.253): 56 data bytes
64 bytes from 130.194.64.253: icmp_seq=0 ttl=255 time=0.9 ms
64 bytes from 130.194.64.253: icmp_seq=1 ttl=255 time=0.8 ms
64 bytes from 130.194.64.253: icmp_seq=2 ttl=255 time=0.7 ms

--- share.csse.monash.edu.au ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.7/0.8/0.9 ms

(share is the remote KDC)

[508] [lyell:bmay] ~ >telnet -lroot lyell
Encryption is verbose
Trying 130.194.64.41...
Connected to lyell.csse.monash.edu.au.
Escape character is '^]'.
[ Trying mutual KERBEROS5 ... ]
[ Kerberos V5 accepts you as ``bam/admin@CHOCBIT.ORG.AU'' ]
[ Output is now encrypted with type DES_CFB64 ]
[ Input is now decrypted with type DES_CFB64 ]
Debian GNU/%s 2.2 %h

-- 
Brian May <bmay@csse.monash.edu.au>